Sorry

Experian (LON:EXPN) is facing criticism over allegations that it sold data to identity thieves. The "fullz" resold by the alleged conspirators contained enough personally-identifiable information to pull off an ID theft. They're also said to have sold credit-card data. The 15 charges against indicted alleged conspirator Hieu Minh Ngo could see him jailed for over 50 years.

An identity theft service that sold Social Security and drivers license numbers...bank account and credit card data...purchased much of its data from [a] major credit bureau.

...

In November 2011, [I] ran a story about an underground service...marketing the ability to look up full Social Security numbers, birthdays, drivers license records and financial information. ... In the past week, an individual...wrote to say that...he’d identified the source of the data [as] USInfoSearch.com. [It's] CEO Marc Martin said the data [came] via Court Ventures. ... In March 2012, Court Ventures was purchased by Costa Mesa, Calif.-based Experian.

...

According to Martin...Superget...gained access to Experian’s databases by posing as a U.S.-based private investigator [despite] signs that should have alerted Experian. ... For example, Martin said the Secret Service told him that...Superget.info had paid Experian...using wire transfers sent from Singapore.

...

Experian acknowledged the broad outlines of Martin’s story: “After the acquisition, the US Secret Service notified Experian that Court Ventures had been and was continuing to resell data...to a third party possibly engaged in illegal activity. [We] discontinued reselling US Info Search data and [helped] bring Vietnamese national Hieu Minh Ngo, the alleged perpetrator, to justice.” MORE

A Vietnamese national has been indicted...for allegedly participating in [a] scheme to steal and sell hundreds of thousands of Americans’...PII through various underground websites that he operated. ... Hieu Minh Ngo, 24...was charged in a 15-count indictment filed under seal in November 2012, charging him with...wire fraud...identity fraud...identity theft [and] access device fraud.

...

According to the indictment...Ngo and other members of the conspiracy [sold] PII for more than 500,000 individuals. These packages, known as “fullz,” typically included a person’s name, date of birth, social security number, bank account number and bank routing number [that they also] sold...stolen payment card data [and] that Ngo operated one or more...carder forums, where he stored and offered for sale “fullz” and other PII.

...

The defendant is presumed to be innocent unless and until proven guilty. MORE

But Silhouette has little time for the credit-rating agencies:

I'm from Europe, where generally personal privacy gets more emphasis than...the US. We have explicit laws about collecting and processing personal data, but...the risks are still there.

...

The last time I paid a little real money to get hold of my personal credit report from one of these credit reporting organisations, it was so riddled with...wildly inaccurate data points, that I was on the phone to them for something like half an hour to get them to correct everything.

...

The woman on the phone asked if I would be much longer because it was the end of the day and time for her to go home. MORE

Richi Jennings — Your humble blogwatcher is an independent analyst/consultant, specializing in blogging, email, spam, and other security topics. He was voted 'Most likely to get up first to sing at karaoke' for 14 years in succession.